CN117527430A - Zero-trust network security dynamic evaluation system and method - Google Patents



Publication number
CN117527430A
Authority
CN
China
Prior art keywords
user
equal
data
unit
module
Legal status
Pending
Application number
CN202311713354.6A
Other languages
Chinese (zh)
Inventor
邓何
张慈湑
官仓琎
罗茜
田帅
雷仲
Current Assignee
Bank Of Chongqing Co ltd
Original Assignee
Bank Of Chongqing Co ltd


Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
                        • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
                        • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
                        • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
                        • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
                    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
                        • H04L63/105 Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiment of the invention discloses a system and a method for dynamically evaluating the security of a zero trust network. The system comprises: an identity verification module, used for verifying the identity information of the user by at least one of user name and password verification, face recognition verification and fingerprint recognition verification; a context sensing module, used for collecting and analyzing context information related to the user; a behavior analysis module, used for classifying and calculating the collected data to obtain a behavior pattern coefficient Xwxs; a log module, used for recording all security events and access requests occurring in the system for subsequent analysis, fault elimination and subsequent investigation; an access control module, used for determining whether to grant the user authority to access a resource according to the identity information and the context information of the user; and a response module, used for taking corresponding response measures according to the evaluation result of the access control module and the security policy, so as to strengthen the capacity to recognize and respond to abnormal behavior and reduce network security threats.

Description

Zero-trust network security dynamic evaluation system and method
Technical Field
The invention relates to the technical field of network security, in particular to a zero-trust network security dynamic evaluation system and method.
Background
With the rapid development of the internet and the advancement of digital transformation, network security problems are becoming more important and more complex. Protecting computer networks, systems and data from unauthorized access, destruction, theft or interference is becoming particularly important. Scientific research and development enterprises in particular are focusing on the rapid development of the network security field and on comprehensive security defense; in the current complex and varied network security environment, more powerful network protection means help enterprises cope effectively with various security threats and risks.
Scientific research and development enterprises generally have complex network architectures, many kinds of devices and many users, and need to protect sensitive data and business assets. In enterprise networks, internal staff are also one of the important threats to enterprise security: staff are generally trustworthy, but misuse of authority and intentional leakage of sensitive information cannot be entirely avoided. Misuse of rights or deliberate disclosure of sensitive information creates security risks for the enterprise, and unauthorized access may threaten the network security of the scientific research and development enterprise and cause a loss to its interests.
Disclosure of Invention
The invention provides a zero-trust network security dynamic evaluation system and a zero-trust network security dynamic evaluation method, which are used for enhancing the recognition and response limiting capacity of abnormal behaviors and reducing network security threat.
According to an aspect of the present invention, there is provided a zero trust network security dynamic assessment system, the system comprising: an identity verification module, a context awareness module, a behavior analysis module, a log module, an access control module and a response module;
the identity verification module is used for verifying the identity information of a user, and comprises at least one of user name and password verification, face identification verification and fingerprint identification verification;
the context sensing module is used for collecting and analyzing context information related to a user;
the behavior analysis module is used for classifying and calculating the collected data to obtain a behavior pattern coefficient Xwxs;
wherein Wd represents a temperature value of the equipment during operation, beta represents an electric quantity loss of the equipment, dlxs is an abnormal login coefficient, csxs is a data transmission abnormal coefficient, and Kjxs is a memory space coefficient; dlxs, csxs and Kjxs are obtained by establishing a baseline behavior model, analyzing data in real time and calculating;
the log module records all security events and access requests occurring in the system and is used for subsequent analysis, fault elimination and subsequent investigation;
the access control module is used for determining whether to grant the authority of the user for accessing the resource according to the identity information and the context information of the user;
and the response module is used for taking corresponding response measures according to the evaluation result of the access control module and the security policy.
Optionally, the identity verification module includes: a user interface unit, a credential verification unit, and an identity token unit;
the user interface unit is used for providing an interface for the interaction between a user and the identity verification system, and comprises a login interface and an authentication application program, wherein the user inputs credentials and provides other identity verification information through the interface;
the credential verification unit is responsible for verifying the validity of the credentials provided by a user and checking whether the credentials match prestored credentials; wherein the credentials include a user name, a password, a certificate, and a token;
the identity token unit is used for generating an identity token, tracking the authorization state and the identity information of the user, and acquiring the identity information and the state of the user in subsequent user requests.
Optionally, the context awareness module includes: a device identification unit, a network information unit, a time stamp unit and a device memory space unit;
the device identification unit is configured to identify and determine a type and a feature of a device, where the type and the feature of the device include: operating system, device type, hardware information;
the network information unit is used for acquiring the network position and related network information of the equipment, and acquiring equipment positioning, MAC address, subnet information, domain name and uplink and downlink data volume by network scanning, IP address analysis and DNS query modes;
the time stamp unit is used for acquiring the time of the equipment activity, acquiring time stamp information on the equipment and synchronizing with the time server so as to ensure that the running time of the equipment is accurately acquired;
the device memory space unit is configured to obtain memory space capacity information of a device, including available memory of the device, used memory of the device, and reserved memory of the device.
Optionally, the behavior analysis module includes: a data analysis unit, a behavior model building unit and an abnormality detection unit;
the data analysis unit is used for analyzing and classifying the acquired data, and after characteristic extraction and pattern recognition of the data, the data are arranged into a data set and sent to the behavior model building unit;
the behavior model building unit is used for building a behavior model of the equipment, building the behavior model by training normal behavior and behavior rules of the equipment, and carrying out calculation and analysis on a data set to obtain an abnormal login coefficient Dlxs, a data transmission abnormal coefficient Csxs and a memory space coefficient Kjxs;
the anomaly detection unit is used for detecting the anomaly behavior and the potential threat of the equipment, comparing the actual behavior and the expected behavior of the equipment by using the behavior model and the rule engine, and taking countermeasures.
Optionally, the abnormal login coefficient Dlxs is obtained by the following formula:
wherein sbcy represents a device difference value, dw represents a device location, sj represents a device run time, and a₁, a₂ and a₃ respectively represent the weight values of the device difference value sbcy, the device location dw and the device run time sj;
wherein 0.35 ≤ sbcy ≤ 0.55, 0.65 ≤ dw ≤ 0.85, 0.25 ≤ sj ≤ 0.45, a₁ + a₂ + a₃ ≥ 1.5, and C represents a correction constant;
the data transmission anomaly coefficient Csxs is obtained by the following formula:
wherein sjl represents the amount of uplink and downlink data, yxnc represents the running memory value of the device, wd represents the temperature value of the device during operation, and d₁, d₂ and d₃ respectively represent the weight values of the uplink and downlink data quantity sjl, the device running memory value yxnc and the device running temperature value wd;
wherein 0.75 ≤ sjl ≤ 0.95, 0.45 ≤ yxnc ≤ 0.65, 0.25 ≤ wd ≤ 0.45, d₁ + d₂ + d₃ ≥ 1.5, and E represents a correction constant;
the memory space coefficient Kjxs is obtained by the following formula:
where wlnc represents the device physical memory space value, ccl represents the device storage conversion rate value, sfl represents the device memory release conversion rate value, gzsc represents the device working time length value, and f₁, f₂, f₃ and f₄ respectively represent the weight values of the device physical memory space value wlnc, the device storage conversion rate value ccl, the device memory release conversion rate value sfl and the device working time length value gzsc;
wherein 0.75 ≤ wlnc ≤ 0.95, 0.55 ≤ ccl ≤ 0.75, 0.55 ≤ sfl ≤ 0.75, 0.35 ≤ gzsc ≤ 0.55, f₁ + f₂ + f₃ + f₄ ≥ 2.0, and G represents a correction constant.
Optionally, the log module includes: the log collecting unit and the log analyzing unit;
the log collecting unit is used for collecting log information from equipment and a system, and monitoring the activities of the equipment and the system, including the running state of the equipment, event triggering and error information;
the log analysis unit is used for carrying out structuring treatment on the collected original log data, converting the data into a format which is easy to understand and analyze, and classifying the information and extracting key fields.
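The log analysis unit described above turns raw device and system log lines into structured, classified records with extracted key fields. The following is an added example of that step, not code from the patent: the line format, the three category names (running state, event trigger, error) and the sample lines are constructed for the example, since the patent does not specify a log format. Unparseable lines are counted rather than silently dropped, so a collector fault does not disappear into the analysis.

```python
"""Structuring raw device/system log lines into classified records.

Added example for the log collecting and log analysis units; not code from
the patent. The line format "<ISO time> <device> <LEVEL> <key=value ...>"
and the sample lines below are constructed for this example.
"""
import re
from dataclasses import dataclass, field

# Constructed sample log text (one running-state line, two events, one error,
# and one line that is not a log record at all).
SAMPLE_LOG = """\
2024-01-15T08:02:11Z ws-0412 INFO state=running cpu=12 mem_used=3120
2024-01-15T08:02:40Z ws-0412 EVENT event=login user=u1001 result=success src=10.20.3.7
2024-01-15T08:03:05Z ws-0412 ERROR code=E217 msg="disk quota exceeded" user=u1001
2024-01-15T08:03:09Z ws-0412 EVENT event=transfer user=u1001 bytes_up=73400320 bytes_down=1024
this line is not a log record
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<device>\S+)\s+(?P<level>INFO|EVENT|ERROR)\s+(?P<body>.*)$"
)
# key=value pairs; the value is either double-quoted (may contain spaces) or bare
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Category names are this example's choice, mirroring the three kinds of
# information the patent says the log collecting unit monitors.
CATEGORY_BY_LEVEL = {"INFO": "running_state", "EVENT": "event_trigger", "ERROR": "error"}


@dataclass
class LogRecord:
    ts: str
    device: str
    category: str            # running_state | event_trigger | error
    fields: dict = field(default_factory=dict)


def parse_line(line):
    """Parse one raw line into a LogRecord, or return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for key, raw, quoted in KV_RE.findall(m["body"]):
        fields[key] = quoted if raw.startswith('"') else raw
    return LogRecord(m["ts"], m["device"], CATEGORY_BY_LEVEL[m["level"]], fields)


def structure_logs(text):
    """Structure a block of raw log text; returns (records, rejected_line_count)."""
    records, rejected = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            rejected += 1
        else:
            records.append(rec)
    return records, rejected


def key_fields(records):
    """Extract the per-user key fields a downstream analysis unit would key on."""
    summary = {}
    for r in records:
        user = r.fields.get("user")
        if user is None:
            continue
        entry = summary.setdefault(user, {"events": [], "errors": [], "bytes_up": 0})
        if r.category == "event_trigger":
            entry["events"].append(r.fields.get("event"))
            entry["bytes_up"] += int(r.fields.get("bytes_up", 0))
        elif r.category == "error":
            entry["errors"].append(r.fields.get("code"))
    return summary


if __name__ == "__main__":
    recs, bad = structure_logs(SAMPLE_LOG)
    print(f"{len(recs)} records structured, {bad} line(s) rejected")
    for r in recs:
        print(r.ts, r.category, r.fields)
    print(key_fields(recs))
```

The per-user summary is the kind of data set the patent's data analysis unit would hand to the behavior model building unit; the exact fields the patent's units use are not specified, so the ones above are illustrative.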
Optionally, the access control module includes: a policy management unit and a control unit;
the policy management unit is used for obtaining the abnormal login coefficient Dlxs, the data transmission abnormal coefficient Csxs and the memory space coefficient Kjxs calculated and analyzed by the behavior analysis module, obtaining the behavior pattern coefficient Xwxs after combination processing and calculation, and uploading the data to the server;
comparing the abnormal login coefficient Dlxs with a standard threshold value to obtain a grade strategy scheme, wherein the grade strategy scheme comprises:
if Dlxs ≤ 19, a first-level abnormal evaluation is obtained, and user login is allowed;
if 20 ≤ Dlxs ≤ 39, a second-level abnormal evaluation is obtained, and user login is allowed but additional verification is required;
if 40 ≤ Dlxs ≤ 59, a third-level abnormal evaluation is obtained, and user login is refused;
if 60 ≤ Dlxs ≤ 79, a fourth-level abnormal evaluation is obtained, user login is refused, and the user is prevented from accessing for a period of time;
if 80 ≤ Dlxs ≤ 99, a fifth-level abnormal evaluation is obtained, user login is refused, and the user account is disabled or the device is locked;
comparing the data transmission abnormal coefficient Csxs with a standard threshold value to obtain a grade strategy scheme, wherein the grade strategy scheme comprises:
if Csxs ≤ 24, a first-level transmission abnormal evaluation is obtained, the transmission operation of the user is allowed, and data are transmitted normally;
if 25 ≤ Csxs ≤ 49, a second-level transmission abnormal evaluation is obtained, and the transmission operation of the user is allowed but further verification is needed, including checking the data integrity;
if 50 ≤ Csxs ≤ 74, a third-level transmission abnormal evaluation is obtained, the transmission operation of the user is refused, and the transmission channel is temporarily blocked;
if 75 ≤ Csxs ≤ 99, a fourth-level transmission abnormal evaluation is obtained, the transmission operation of the user is refused, the transmission connection is interrupted, and the user terminal is locked;
comparing the memory space coefficient Kjxs with a standard threshold value to obtain a grade strategy scheme, wherein the grade strategy scheme comprises:
if Kjxs ≤ 9, a first-level storage evaluation is obtained, and the storage data operation of the user is allowed;
if 10 ≤ Kjxs ≤ 19, a second-level storage evaluation is obtained, and the storage data operation of the user is allowed but the integrity of the stored data of the user needs to be checked;
if 20 ≤ Kjxs ≤ 29, a third-level storage evaluation is obtained, the storage data operation of the user is refused, and the device prevents the user from continuing to store data;
if 30 ≤ Kjxs ≤ 39, a fourth-level storage evaluation is obtained, the storage data operation of the user is refused, and the device automatically cleans the content related to the transmission from the memory space;
if 40 ≤ Kjxs ≤ 49, a fifth-level storage evaluation is obtained, the storage data operation of the user is refused, and all storage requests of the user are blocked;
the control unit is used for analyzing and identifying the acquired strategy scheme, including the grade and the corresponding execution content of the strategy scheme, and matching the strategy scheme with the access control rules of the device so as to determine the operation to be executed.
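The three grade tables above, together with the control unit that turns a grade into an action and the response unit that notifies the user per behavior pattern, can be encoded directly as data. The following is an added example of that lookup, not code from the patent. The patent says nothing about coefficient values outside the listed bands or about how the three grades combine into one access decision; treating a value above the top band as the top grade, rejecting negative values, and permitting access only when no pattern reached a refusing grade are this example's assumptions.

```python
"""Grade strategy lookup for the Dlxs, Csxs and Kjxs coefficients.

Added example; not code from the patent. Threshold bands and actions are the
ones given in the description. Out-of-range handling and the combination
rule in evaluate() are this example's assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Grade:
    level: int
    action: str


# Each entry is (inclusive upper bound, grade level, action). Tables are scanned
# in order, so a value falls into the first band whose upper bound it does not
# exceed. Coefficients are assumed to be integers, as in the patent's bands.
DLXS_TABLE = [
    (19, 1, "allow login"),
    (39, 2, "allow login after additional verification"),
    (59, 3, "refuse login"),
    (79, 4, "refuse login, block access for a period"),
    (99, 5, "refuse login, disable account or lock device"),
]
CSXS_TABLE = [
    (24, 1, "allow transmission"),
    (49, 2, "allow transmission after data integrity check"),
    (74, 3, "refuse transmission, temporarily block channel"),
    (99, 4, "refuse transmission, interrupt connection and lock terminal"),
]
KJXS_TABLE = [
    (9, 1, "allow storage"),
    (19, 2, "allow storage after stored-data integrity check"),
    (29, 3, "refuse storage, prevent further storage"),
    (39, 4, "refuse storage, clean transmission content from memory"),
    (49, 5, "refuse storage, block all storage requests"),
]


def grade(value, table):
    """Map one coefficient to its Grade using the given threshold table."""
    if value < 0:
        # Assumption: a negative coefficient is a computation fault, not a grade.
        raise ValueError(f"coefficient out of range: {value}")
    for upper, level, action in table:
        if value <= upper:
            return Grade(level, action)
    # Assumption: anything above the top band keeps the top band's response,
    # so a runaway coefficient never degrades to "allow".
    _, level, action = table[-1]
    return Grade(level, action)


def evaluate(dlxs, csxs, kjxs):
    """Grade the three behavior patterns; returns (grades_by_pattern, permit).

    Assumption: the request is permitted only if no pattern reached a grade
    that refuses the operation (level 3 or above). Level 2 still permits but
    signals that additional verification is required.
    """
    grades = {
        "login": grade(dlxs, DLXS_TABLE),
        "transmission": grade(csxs, CSXS_TABLE),
        "storage": grade(kjxs, KJXS_TABLE),
    }
    permit = all(g.level < 3 for g in grades.values())
    return grades, permit


def notifications(grades):
    """Response-unit style notices, one per behavior pattern graded above level 1."""
    return [
        f"{pattern} behavior pattern: grade {g.level}, {g.action}"
        for pattern, g in grades.items()
        if g.level > 1
    ]


if __name__ == "__main__":
    grades, permit = evaluate(dlxs=15, csxs=30, kjxs=5)   # constructed input
    print("permit:", permit)
    for line in notifications(grades):
        print(line)
```

Keeping the bands as data rather than as a chain of if/else statements makes the boundary values easy to review against the patent text and to unit-test at each edge (19/20, 39/40 and so on), which is where threshold logic most often goes wrong.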
Optionally, the response module includes a response unit;
the response unit is used for sending a notification to the user, matching the behavior mode coefficient Xwxs of the abnormality of the user after calculation and analysis of the policy scheme result executed by the access control module, and sending the notification to the relevant user so as to enhance the safety consciousness of the user and strengthen the recognition and reaction capability of the user on the abnormal behavior.
Optionally, the behavior pattern coefficient Xwxs includes a login behavior pattern, a transmission behavior pattern, a storage behavior pattern, and an access behavior pattern.
According to another aspect of the present invention, there is provided a method for dynamic evaluation of security of a zero trust network, the method comprising:
verifying the identity information of the user through an identity verification module;
collecting and analyzing context information related to the user through a context awareness module;
classifying and calculating the collected data through a behavior analysis module to obtain an abnormal login coefficient Dlxs, a data transmission abnormal coefficient Csxs and a memory space coefficient Kjxs;
recording all security events and access requests occurring in the system through a log module;
controlling whether the authority of the user for accessing the resource is granted or not by the access control module according to the grade strategy scheme acquired by the behavior analysis module;
and according to the evaluated result and the safety strategy, adopting corresponding response measures by the response module to send a notification to the user.
The technical scheme of the embodiment of the invention comprises the steps of setting a zero trust network security dynamic evaluation system comprising an identity verification module, a context sensing module, a behavior analysis module, a log module, an access control module and a response module, wherein the identity verification module is used for verifying identity information of a user and comprises at least one of user name and password verification, face identification verification and fingerprint identification verification; the context sensing module is used for collecting and analyzing context information related to a user; the behavior analysis module is used for classifying and calculating the collected data to obtain a behavior pattern coefficient Xwxs; the log module records all security events and access requests occurring in the system and is used for subsequent analysis, fault elimination and subsequent investigation; the access control module is used for determining whether to grant the authority of the user for accessing the resource according to the identity information and the context information of the user; the response module is used for taking corresponding response measures according to the evaluation result of the access control module and the security policy, solving the potential risk problem of enterprise access, and helping to prevent unauthorized access, unauthorized operation and abuse of sensitive data and reduce potential security risks by limiting the access rights of users and identifying potential threat behaviors.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a dynamic evaluation system for security of a zero trust network according to a first embodiment of the present invention;
fig. 2 is a flowchart of a dynamic evaluation method for security of a zero trust network according to a second embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a schematic structural diagram of a dynamic evaluation system for security of a zero trust network according to a first embodiment of the present invention. As shown in fig. 1, the zero-trust network security dynamic assessment system comprises: an identity verification module, a context awareness module, a behavior analysis module, a log module, an access control module and a response module;
the identity verification module is used for verifying the identity information of the user, and comprises the step of verifying by using a user name and a password, a face recognition technology and fingerprint recognition;
the context sensing module is used for collecting and analyzing context information related to the user;
the behavior analysis module is used for classifying and calculating the collected data to obtain a behavior pattern coefficient Xwxs, and analyzing and calculating the obtained data by establishing a baseline behavior model and analyzing the data in real time: abnormal login coefficient Dlxs, data transmission abnormal coefficient Csxs and memory space coefficient Kjxs;
wherein Wd represents a temperature value when the device is operated, and beta represents an electric quantity loss amount of the device;
the log module records all security events and access requests occurring in the system, and the logs are used for subsequent analysis and fault removal and meet the requirements of subsequent investigation;
the access control module is used for determining whether to grant the authority of the user to access the resource according to the identity information and other context information of the user;
and the response module takes corresponding response measures according to the evaluated result and the safety strategy.
When the system operates, the identity verification module verifies the user identity information, and the use of multiple verification modes prevents unauthorized access and improves the security and reliability of the system. The context sensing module collects context information related to the user, including the operating system, hardware information, IP address, device location and uplink and downlink data volume, and transmits it to the behavior analysis module for data analysis and classification; after feature extraction and pattern recognition, the data are arranged into a data set and transmitted to the model for training and calculation to obtain the abnormal login coefficient Dlxs, the data transmission abnormal coefficient Csxs and the memory space coefficient Kjxs. At the same time, the log module collects device and log information, including the running state of the device, event triggering and error information. The access control module compares the standard thresholds it sets with the abnormal login coefficient Dlxs, the data transmission abnormal coefficient Csxs and the memory space coefficient Kjxs to obtain a grade strategy scheme and executes it; the result of executing the grade strategy scheme is calculated and analyzed, matched with the login behavior pattern, transmission behavior pattern, storage behavior pattern and access behavior pattern included in the behavior pattern coefficient Xwxs, and a notice is sent to the related users so as to enhance their security awareness and strengthen the capacity to recognize and respond to abnormal behavior, thereby improving the network protection means of scientific research and development enterprises, reducing network security threats and protecting the interests of the enterprises.
The technical scheme of the embodiment of the invention comprises a zero trust network security dynamic evaluation system comprising an identity verification module, a context sensing module, a behavior analysis module, a log module, an access control module and a response module, wherein the identity verification module is used for verifying identity information of a user and comprises at least one of user name and password verification, face identification verification and fingerprint identification verification; the context sensing module is used for collecting and analyzing context information related to the user; the behavior analysis module is used for classifying and calculating the collected data to obtain a behavior pattern coefficient Xwxs; the log module is used for recording all security events and access requests occurring in the system and used for subsequent analysis, fault elimination and subsequent investigation; the access control module is used for determining whether to grant the authority of the user for accessing the resource according to the identity information and the context information of the user; and the response module is used for taking corresponding response measures according to the evaluation result of the access control module and the security policy, solving the potential risk problem of enterprise access, and helping to prevent unauthorized access, unauthorized operation and abuse of sensitive data and reduce potential security risks by limiting the access rights of users and identifying potential threat behaviors.
On the basis of the above embodiment, optionally, the identity verification module includes a user interface unit, a credential verification unit and an identity token unit;
the user interface unit is used for providing an interface for the user to interact with the identity verification system, and comprises a login interface and an authentication application program, wherein the user inputs credentials and provides other identity verification information through the interface;
the credential verification unit is responsible for verifying the validity of the credentials provided by a user and checks whether the credentials match prestored credentials, the credentials comprising a user name, a password, a certificate and a token;
the identity token unit is used for generating an identity token, tracking the authorization state and the identity information of the user, and acquiring the identity information and the state of the user in the subsequent user request; the context sensing module comprises a device identification unit, a network information unit, a time stamp unit and a device memory space unit;
the device identification unit is used for identifying and determining the type and the characteristics of the device, and comprises an operating system, the device type and hardware information;
the network information unit is used for acquiring the network location and related network information of the equipment, obtaining the equipment location, MAC address, subnet information, domain name and uplink and downlink data volume by means of network scanning, IP address analysis and DNS queries;
the time stamp unit is used for acquiring the time of the equipment activity, acquiring time stamp information on the equipment and synchronizing with the time server so as to ensure that the running time of the equipment is accurately acquired;
the device memory space unit is used for acquiring memory space capacity information of the device, and comprises available memory of the device, used memory of the device and reserved memory of the device.
In an optional implementation manner of the embodiment of the present invention, the behavior analysis module includes a data analysis unit, a behavior model building unit and an anomaly detection unit;
the data analysis unit is responsible for analyzing and classifying the acquired data; after feature extraction and pattern recognition, the data, which contain the key features and pattern information of the equipment behavior, are arranged into a data set and sent to the behavior model building unit;
the behavior model building unit is used for building a behavior model of the equipment, building the behavior model by training normal behaviors and behavior rules of the equipment, and carrying out calculation and analysis on the data set to obtain: abnormal login coefficient Dlxs, data transmission abnormal coefficient Csxs and memory space coefficient Kjxs;
the abnormality detection unit is used for detecting abnormal behaviors and potential threats of the equipment, comparing actual behaviors and expected behaviors of the equipment by using the behavior model and the rule engine, and taking countermeasures; the abnormal login coefficient Dlxs is obtained by the following formula:
wherein sbcy represents the device difference value, dw represents the device location, sj represents the device run time, and $a_1$, $a_2$ and $a_3$ respectively represent the weight values of the device difference value sbcy, the device location dw and the device run time sj;
wherein $0.35 \le \mathrm{sbcy} \le 0.55$, $0.65 \le \mathrm{dw} \le 0.85$, $0.25 \le \mathrm{sj} \le 0.45$ and $a_1 + a_2 + a_3 \ge 1.5$; C represents a correction constant.
For example, the device difference value sbcy may be a specific quantization of the data acquired by the device identification unit, such as the degree to which a device differs in operating system, device type or hardware information. The device location dw may be a specific quantization of the data acquired by the network information unit, determined for example from the device IP address, MAC address, subnet information and domain name. The device run time sj may be determined from the device activity time obtained by the time stamp unit.
The data transmission anomaly coefficient Csxs is obtained by the following formula:
wherein sjl represents the uplink and downlink data amount, yxnc represents the device running memory value, wd represents the device running temperature value, and $d_1$, $d_2$ and $d_3$ respectively represent the weight values of the uplink and downlink data amount sjl, the device running memory value yxnc and the device running temperature value wd;
wherein $0.75 \le \mathrm{sjl} \le 0.95$, $0.45 \le \mathrm{yxnc} \le 0.65$, $0.25 \le \mathrm{wd} \le 0.45$ and $d_1 + d_2 + d_3 \ge 1.5$; E represents a correction constant.
The uplink and downlink data amount sjl may be, for example, the uplink and downlink data amount determined by the network information unit. The device running memory value yxnc may be taken from the memory space capacity information obtained by the device memory space unit, for example the available memory of the device. The device running temperature value wd may be the real-time device temperature acquired by the context sensing module through a temperature sensor or the like.
The memory space coefficient Kjxs is obtained by the following formula:
wherein wlnc represents the device physical memory space value, ccl represents the device storage conversion rate value, sfl represents the device memory release conversion rate value, gzsc represents the device working time length value, and $f_1$, $f_2$, $f_3$ and $f_4$ respectively represent the weight values of the device physical memory space value wlnc, the device storage conversion rate value ccl, the device memory release conversion rate value sfl and the device working time length value gzsc;
wherein $0.75 \le \mathrm{wlnc} \le 0.95$, $0.55 \le \mathrm{ccl} \le 0.75$, $0.55 \le \mathrm{sfl} \le 0.75$, $0.35 \le \mathrm{gzsc} \le 0.55$ and $f_1 + f_2 + f_3 + f_4 \ge 2.0$; G represents a correction constant. The log module comprises a log collecting unit and a log analyzing unit.
The device physical memory space value wlnc may be, for example, the sum of the available memory, used memory and reserved memory of the device. The device storage conversion rate value ccl and the device memory release conversion rate value sfl may be obtained by the context sensing module reading, in real time, the management program running in the background of the device.
The log collecting unit is used for collecting log information from the equipment and the system, monitoring the activities of the equipment and the system, including the running state of the equipment, event triggering and error information, and the system can comprehensively know the running condition of the equipment and the system through collecting and analyzing the log information;
the log analysis unit is used for carrying out structural processing on the collected original log data and converting the data into a format which is easy to understand and analyze, and the log analysis unit comprises the steps of classifying the information and extracting key fields, so that the system can analyze log information more efficiently and accurately capture key events and abnormal behaviors of equipment and the system.
In an optional implementation manner of the embodiment of the present invention, the access control module includes a policy management unit and a control unit;
the strategy management unit takes the abnormal login coefficient Dlxs, the data transmission abnormal coefficient Csxs and the memory space coefficient Kjxs calculated by the behavior analysis module, combines and processes them to obtain the behavior pattern coefficient Xwxs, and uploads the result to the server; these data are based on the system's comprehensive evaluation of the behavior of equipment and users and are of significant security relevance;
and comparing the abnormal login coefficient Dlxs with a standard threshold value to obtain a level strategy scheme:
if $\mathrm{Dlxs} \le 19$, a first-level abnormal evaluation is obtained and user login is allowed;
if $20 \le \mathrm{Dlxs} \le 39$, a second-level abnormal evaluation is obtained, and user login is allowed but additional verification is required;
if $40 \le \mathrm{Dlxs} \le 59$, a third-level abnormal evaluation is obtained and user login is refused;
if $60 \le \mathrm{Dlxs} \le 79$, a fourth-level abnormal evaluation is obtained, user login is refused and the user is prevented from accessing for a period of time;
if $80 \le \mathrm{Dlxs} \le 99$, a fifth-level abnormal evaluation is obtained, user login is refused and the user account is disabled or the device is locked;
and comparing the data transmission abnormal coefficient Csxs with a standard threshold value to obtain a level strategy scheme:
if $\mathrm{Csxs} \le 24$, a first-level transmission abnormal evaluation is obtained, the user's transmission operation is allowed and data is transmitted normally;
if $25 \le \mathrm{Csxs} \le 49$, a second-level transmission abnormal evaluation is obtained, and the user's transmission operation is allowed but further verification is needed, including checking the data integrity;
if $50 \le \mathrm{Csxs} \le 74$, a third-level transmission abnormal evaluation is obtained, the user's transmission operation is refused and the transmission channel is temporarily blocked;
if $75 \le \mathrm{Csxs} \le 99$, a fourth-level transmission abnormal evaluation is obtained, the user's transmission operation is refused, the transmission connection is interrupted and the user end is locked;
and comparing the memory space coefficient Kjxs with a standard threshold value to obtain a level strategy scheme:
if $\mathrm{Kjxs} \le 9$, a first-level storage evaluation is obtained and the user's storage data operation is allowed;
if $10 \le \mathrm{Kjxs} \le 19$, a second-level storage evaluation is obtained, and the user's storage data operation is allowed but the integrity of the user's stored data needs to be checked;
if $20 \le \mathrm{Kjxs} \le 29$, a third-level storage evaluation is obtained, the user's storage data operation is refused and the device prevents the user from continuing to store data;
if $30 \le \mathrm{Kjxs} \le 39$, a fourth-level storage evaluation is obtained, the user's storage data operation is refused and the device automatically clears the content relating to the transmission from the memory space;
if $40 \le \mathrm{Kjxs} \le 49$, a fifth-level storage evaluation is obtained, the user's storage data operation is refused and all storage requests of the user are blocked;
the control unit is used for analyzing and identifying the acquired strategy scheme, including the grade and the corresponding strategy scheme execution content, matching the strategy scheme with the access control rule of the equipment so as to determine the operation to be executed, and the system can effectively control and manage the access of the equipment according to the predefined strategy scheme through the work of the control unit;
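The tiered decisions above (restated in claim 7) map each coefficient to a level and an action. The following Python is an added example, not code from the patent or its applicant; it encodes the bands as given and adds the handling a policy engine needs for inputs the bands do not define (negative, non-numeric or above the top band), treating them as the most severe level so that an undefined score is never silently allowed. The coefficient formulas are not reproduced on the page, so Dlxs, Csxs and Kjxs are taken here as already computed inputs.

```python
"""Tiered policy decisions for the Dlxs, Csxs and Kjxs coefficients.

Added example: the bands follow the description and claim 7 of the patent;
the fail-closed handling of undefined inputs is this example's own addition.
"""
import math
from dataclasses import dataclass

# Each band is (inclusive upper bound, level, action). Bands are checked in
# order, so a non-integer score such as 19.5 falls into the next band rather
# than into an undefined gap between 19 and 20.
LOGIN_BANDS = [
    (19, 1, "allow login"),
    (39, 2, "allow login; additional verification required"),
    (59, 3, "refuse login"),
    (79, 4, "refuse login; block access for a period of time"),
    (99, 5, "refuse login; disable account or lock device"),
]
TRANSFER_BANDS = [
    (24, 1, "allow transmission; data transmitted normally"),
    (49, 2, "allow transmission; further verification including data integrity check"),
    (74, 3, "refuse transmission; temporarily block transmission channel"),
    (99, 4, "refuse transmission; interrupt connection and lock user end"),
]
STORAGE_BANDS = [
    (9, 1, "allow storage operation"),
    (19, 2, "allow storage operation; check integrity of stored data"),
    (29, 3, "refuse storage operation; prevent further storage"),
    (39, 4, "refuse storage operation; clear transmission content from memory space"),
    (49, 5, "refuse storage operation; block all storage requests"),
]

# Levels 1 and 2 permit the operation (level 2 with extra checks); 3 and up refuse it.
MAX_PERMITTED_LEVEL = 2


@dataclass(frozen=True)
class Decision:
    pattern: str   # behaviour pattern the decision belongs to: login / transmission / storage
    level: int
    allowed: bool
    action: str


def classify(value, bands, pattern):
    """Map one coefficient to its level strategy; anything undefined fails closed."""
    top_level = bands[-1][1]
    # bool is a subclass of int, so exclude it explicitly; NaN/inf and negatives
    # are not covered by any band and must not be treated as a low score.
    if (isinstance(value, bool) or not isinstance(value, (int, float))
            or not math.isfinite(value) or value < 0):
        return Decision(pattern, top_level, False, "invalid coefficient; denied (fail closed)")
    for upper, level, action in bands:
        if value <= upper:
            return Decision(pattern, level, level <= MAX_PERMITTED_LEVEL, action)
    return Decision(pattern, top_level, False, "coefficient above defined bands; denied (fail closed)")


def evaluate(dlxs, csxs, kjxs):
    """Evaluate all three coefficients.

    Returns the per-pattern decisions, whether the request as a whole may proceed
    (only if every pattern is permitted), and the patterns that left level 1,
    i.e. those the response unit should name in its notification to the user.
    """
    decisions = {
        "login": classify(dlxs, LOGIN_BANDS, "login"),
        "transmission": classify(csxs, TRANSFER_BANDS, "transmission"),
        "storage": classify(kjxs, STORAGE_BANDS, "storage"),
    }
    overall_allowed = all(d.allowed for d in decisions.values())
    flagged = [name for name, d in decisions.items() if d.level > 1]
    return decisions, overall_allowed, flagged


if __name__ == "__main__":
    # Constructed sample scores: clean login, second-level transmission anomaly, clean storage.
    per_pattern, ok, flagged = evaluate(12, 30, 5)
    for d in per_pattern.values():
        print(f"{d.pattern:13s} level {d.level}  allowed={d.allowed}  {d.action}")
    print("overall allowed:", ok, " notify about:", flagged)
```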
the response module comprises a response unit;
the response unit is used for sending a notification to the user, the result of the strategy scheme executed by the access control module is matched with the behavior mode coefficient Xwxs to which the abnormality belongs, and the notification is sent to the relevant user, so that the safety awareness of the user is enhanced, and the recognition and reaction capability of the abnormal behavior is enhanced;
the behavior pattern coefficient Xwxs comprises a login behavior pattern, a transmission behavior pattern, a storage behavior pattern and an access behavior pattern;
the login behavior mode is specifically expressed as follows: analyzing the login of the user, judging whether abnormal login activities exist or not, including login from unusual geographic positions or using different equipment;
the transmission behavior pattern is embodied as: by analyzing the user's transmissions, abnormal data transmission activities may be detected, including bulk data transmissions, unusual transmission destinations, or abnormally frequent data transmissions;
the storage behavior pattern is embodied as: by analyzing the storage behavior of the user, abnormal storage activities can be identified, including abnormal data storage locations, abnormal storage capacity use cases, or unauthorized data backup behaviors;
the access behavior pattern is embodied as: by analyzing the access behavior of the user, abnormal access activities can be discovered, including frequent access to sensitive files, unauthorized access, or abnormal access patterns.
Example two
Fig. 2 is a flowchart of a dynamic evaluation method for security of a zero trust network according to a second embodiment of the present invention, where the technical solution in this embodiment is further refined, and the technical solution in this embodiment may be combined with each alternative solution in one or more embodiments. As shown in fig. 2, the method includes:
step 210, verifying the identity information of the user through the identity verification module.
Step 220, collecting and analyzing context information related to the user by the context awareness module.
Step 230, classifying and calculating the collected data through the behavior analysis module to obtain an abnormal login coefficient Dlxs, a data transmission abnormal coefficient Csxs and a memory space coefficient Kjxs.
Step 240, recording all security events and access requests occurring in the system through a log module.
Step 250, controlling whether to grant the authority of the user to access the resource by the access control module according to the level policy scheme acquired by the behavior analysis module.
Step 260, corresponding response measures are adopted to send a notification to the user through the response module according to the evaluated result and the security policy.
According to the technical scheme of the embodiment of the invention, through steps 210 to 260 the identity information of the user is verified, the context information related to the user is collected, and the collected data is calculated by the behavior analysis module to obtain the abnormal login coefficient Dlxs, the data transmission abnormal coefficient Csxs and the memory space coefficient Kjxs; all security events and access requests occurring in the system are recorded through the log module; the access control module controls whether to grant the authority to access resources according to the level strategy scheme acquired by the behavior analysis module; and the response module matches the execution result of the level strategy scheme with the behavior pattern coefficient Xwxs to obtain the specific behavior pattern, comprising the login behavior pattern, the transmission behavior pattern, the storage behavior pattern and the access behavior pattern, and then takes corresponding response measures to send a notification to the user.
In the technical scheme of the embodiment of the invention, the acquisition, storage and application of the relevant user personal information all conform to the provisions of the relevant laws and regulations and do not violate public order and good customs.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (10)

1. A zero trust network security dynamic assessment system, the system comprising an identity verification module, a context awareness module, a behavior analysis module, a log module, an access control module and a response module;
the identity verification module is used for verifying the identity information of a user, and comprises at least one of user name and password verification, face identification verification and fingerprint identification verification;
the context sensing module is used for collecting and analyzing context information related to a user;
the behavior analysis module is used for classifying and calculating the collected data to obtain a behavior pattern coefficient Xwxs;
wherein Wd represents the temperature value of the equipment during operation, β represents the electric quantity loss of the equipment, Dlxs is the abnormal login coefficient, Csxs is the data transmission abnormal coefficient and Kjxs is the memory space coefficient; Dlxs, Csxs and Kjxs are obtained by establishing a baseline behavior model, analyzing data in real time and calculating;
the log module records all security events and access requests occurring in the system and is used for subsequent analysis, fault elimination and subsequent investigation;
the access control module is used for determining whether to grant the authority of the user for accessing the resource according to the identity information and the context information of the user;
and the response module is used for taking corresponding response measures according to the evaluation result of the access control module and the security policy.
2. The zero trust network security dynamic evaluation system of claim 1, wherein the identity verification module comprises: a user interface unit, a credential verification unit, and an identity token unit;
the user interface unit is used for providing an interface for the interaction between a user and the identity verification system, and comprises a login interface and an authentication application program, wherein the user inputs credentials and provides other identity verification information through the interface;
the credential verification unit is used for being responsible for verifying the validity of credentials provided by a user and checking whether the credentials are matched with prestored credentials; wherein the credentials include a user name, a password, a certificate, and a token;
the identity token unit is used for generating an identity token, tracking the authorization state and the identity information of the user, and acquiring the identity information and the state of the user in subsequent user requests.
3. The zero-trust network security dynamic assessment system of claim 1, wherein the context awareness module comprises a device identification unit, a network information unit, a time stamp unit and a device memory space unit;
the device identification unit is configured to identify and determine a type and a feature of a device, where the type and the feature of the device include: operating system, device type, hardware information;
the network information unit is used for acquiring the network position and related network information of the equipment, and acquiring equipment positioning, MAC address, subnet information, domain name and uplink and downlink data volume by network scanning, IP address analysis and DNS query modes;
the time stamp unit is used for acquiring the time of the equipment activity, acquiring time stamp information on the equipment and synchronizing with the time server so as to ensure that the running time of the equipment is accurately acquired;
the device memory space unit is configured to obtain memory space capacity information of a device, including available memory of the device, used memory of the device, and reserved memory of the device.
4. The zero-trust network security dynamic assessment system of claim 1, wherein the behavior analysis module comprises a data analysis unit, a behavior model building unit and an abnormality detection unit;
the data analysis unit is used for analyzing and classifying the acquired data, and after characteristic extraction and pattern recognition of the data, the data are arranged into a data set and sent to the behavior model building unit;
the behavior model building unit is used for building a behavior model of the equipment, building the behavior model by training normal behavior and behavior rules of the equipment, and carrying out calculation and analysis on a data set to obtain an abnormal login coefficient Dlxs, a data transmission abnormal coefficient Csxs and a memory space coefficient Kjxs;
the anomaly detection unit is used for detecting the anomaly behavior and the potential threat of the equipment, comparing the actual behavior and the expected behavior of the equipment by using the behavior model and the rule engine, and taking countermeasures.
5. The zero-trust network security dynamic assessment system of claim 4, wherein the outlier login coefficient Dlxs is obtained by the following formula:
wherein sbcy represents the device difference value, dw represents the device location, sj represents the device run time, and $a_1$, $a_2$ and $a_3$ respectively represent the weight values of the device difference value sbcy, the device location dw and the device run time sj;
wherein $0.35 \le \mathrm{sbcy} \le 0.55$, $0.65 \le \mathrm{dw} \le 0.85$, $0.25 \le \mathrm{sj} \le 0.45$ and $a_1 + a_2 + a_3 \ge 1.5$; C represents a correction constant;
the data transmission anomaly coefficient Csxs is obtained by the following formula:
wherein sjl represents the uplink and downlink data amount, yxnc represents the device running memory value, wd represents the device running temperature value, and $d_1$, $d_2$ and $d_3$ respectively represent the weight values of the uplink and downlink data amount sjl, the device running memory value yxnc and the device running temperature value wd;
wherein $0.75 \le \mathrm{sjl} \le 0.95$, $0.45 \le \mathrm{yxnc} \le 0.65$, $0.25 \le \mathrm{wd} \le 0.45$ and $d_1 + d_2 + d_3 \ge 1.5$; E represents a correction constant;
the memory space coefficient Kjxs is obtained by the following formula:
wherein wlnc represents the device physical memory space value, ccl represents the device storage conversion rate value, sfl represents the device memory release conversion rate value, gzsc represents the device working time length value, and $f_1$, $f_2$, $f_3$ and $f_4$ respectively represent the weight values of the device physical memory space value wlnc, the device storage conversion rate value ccl, the device memory release conversion rate value sfl and the device working time length value gzsc;
wherein $0.75 \le \mathrm{wlnc} \le 0.95$, $0.55 \le \mathrm{ccl} \le 0.75$, $0.55 \le \mathrm{sfl} \le 0.75$, $0.35 \le \mathrm{gzsc} \le 0.55$ and $f_1 + f_2 + f_3 + f_4 \ge 2.0$; G represents a correction constant.
6. The zero trust network security dynamic assessment system of claim 1, wherein the log module comprises: the log collecting unit and the log analyzing unit;
the log collecting unit is used for collecting log information from equipment and a system, and monitoring the activities of the equipment and the system, including the running state of the equipment, event triggering and error information;
the log analysis unit is used for carrying out structuring treatment on the collected original log data, converting the data into a format which is easy to understand and analyze, and classifying the information and extracting key fields.
7. The zero trust network security dynamic evaluation system of claim 1, wherein the access control module comprises: a policy management unit and a control unit;
the strategy management unit is used for obtaining an abnormal login coefficient Dlxs, a data transmission abnormal coefficient Csxs and a memory space coefficient Kjxs after calculation and analysis by the behavior analysis module, obtaining data of a behavior pattern coefficient Xwxs after combination processing and calculation, and uploading the data to the server;
and comparing the abnormal login coefficient Dlxs with a standard threshold value to obtain a grade strategy scheme, wherein the grade strategy scheme comprises the following steps of:
if $\mathrm{Dlxs} \le 19$, a first-level abnormal evaluation is obtained and user login is allowed;
if $20 \le \mathrm{Dlxs} \le 39$, a second-level abnormal evaluation is obtained, and user login is allowed but additional verification is required;
if $40 \le \mathrm{Dlxs} \le 59$, a third-level abnormal evaluation is obtained and user login is refused;
if $60 \le \mathrm{Dlxs} \le 79$, a fourth-level abnormal evaluation is obtained, user login is refused and the user is prevented from accessing for a period of time;
if $80 \le \mathrm{Dlxs} \le 99$, a fifth-level abnormal evaluation is obtained, user login is refused and the user account is disabled or the device is locked;
comparing the data transmission abnormal coefficient Csxs with a standard threshold value to obtain a level strategy scheme, wherein the level strategy scheme comprises the following steps:
if $\mathrm{Csxs} \le 24$, a first-level transmission abnormal evaluation is obtained, the user's transmission operation is allowed and data is transmitted normally;
if $25 \le \mathrm{Csxs} \le 49$, a second-level transmission abnormal evaluation is obtained, and the user's transmission operation is allowed but further verification is needed, including checking the data integrity;
if $50 \le \mathrm{Csxs} \le 74$, a third-level transmission abnormal evaluation is obtained, the user's transmission operation is refused and the transmission channel is temporarily blocked;
if $75 \le \mathrm{Csxs} \le 99$, a fourth-level transmission abnormal evaluation is obtained, the user's transmission operation is refused, the transmission connection is interrupted and the user terminal is locked;
comparing the memory space coefficient Kjxs with a standard threshold value to obtain a level strategy scheme, wherein the level strategy scheme comprises the following steps:
if $\mathrm{Kjxs} \le 9$, a first-level storage evaluation is obtained and the user's storage data operation is allowed;
if $10 \le \mathrm{Kjxs} \le 19$, a second-level storage evaluation is obtained, and the user's storage data operation is allowed but the integrity of the user's stored data needs to be checked;
if $20 \le \mathrm{Kjxs} \le 29$, a third-level storage evaluation is obtained, the user's data storage operation is refused and the device prevents the user from continuing to store data;
if $30 \le \mathrm{Kjxs} \le 39$, a fourth-level storage evaluation is obtained, the user's storage data operation is refused and the device automatically clears the content relating to the transmission from the memory space;
if $40 \le \mathrm{Kjxs} \le 49$, a fifth-level storage evaluation is obtained, the user's storage data operation is refused and all storage requests of the user are blocked;
the control unit is used for analyzing and identifying the acquired strategy scheme, including the grade and the corresponding strategy scheme execution content, and matching the strategy scheme with the access control rule of the equipment so as to determine the operation to be executed.
8. The zero trust network security dynamic assessment system of claim 7, wherein the response module comprises a response unit;
the response unit is used for sending a notification to the user, matching the behavior mode coefficient Xwxs of the abnormality of the user after calculation and analysis of the policy scheme result executed by the access control module, and sending the notification to the relevant user so as to enhance the safety consciousness of the user and strengthen the recognition and reaction capability of the user on the abnormal behavior.
9. The zero-trust network security dynamic assessment system of claim 8, wherein the behavior pattern coefficients Xwxs comprise a login behavior pattern, a transmission behavior pattern, a storage behavior pattern, and an access behavior pattern.
10. A method for dynamic evaluation of zero trust network security, the method comprising:
verifying the identity information of the user through an identity verification module;
collecting and analyzing context information related to the user through a context awareness module;
classifying and calculating the collected data through a behavior analysis module to obtain an abnormal login coefficient Dlxs, a data transmission abnormal coefficient Csxs and a memory space coefficient Kjxs;
recording all security events and access requests occurring in the system through a log module;
controlling whether the authority of the user for accessing the resource is granted or not by the access control module according to the grade strategy scheme acquired by the behavior analysis module;
and according to the evaluated result and the safety strategy, adopting corresponding response measures by the response module to send a notification to the user.
CN202311713354.6A 2023-12-13 2023-12-13 Zero-trust network security dynamic evaluation system and method Pending CN117527430A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311713354.6A CN117527430A (en) 2023-12-13 2023-12-13 Zero-trust network security dynamic evaluation system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311713354.6A CN117527430A (en) 2023-12-13 2023-12-13 Zero-trust network security dynamic evaluation system and method

Publications (1)

Publication Number Publication Date
CN117527430A true CN117527430A (en) 2024-02-06

Family

ID=89747921

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311713354.6A Pending CN117527430A (en) 2023-12-13 2023-12-13 Zero-trust network security dynamic evaluation system and method

Country Status (1)

Country Link
CN (1) CN117527430A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117749536A (en) * 2024-02-21 2024-03-22 湖南华博信息技术有限公司 Zero-trust unified identity authentication system and construction method
CN117749536B (en) * 2024-02-21 2024-04-19 湖南华博信息技术有限公司 Zero-trust unified identity authentication system and construction method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination